Red Hat Certified Specialist in Security (Exam EX415) Prep Course

Intro Video

Bob Salmans

Course Details

The performance-based Red Hat Certified Specialist in Security exam (EX415) tests your ability to perform a number of systems administration tasks focused on securing servers. This includes the use of firewalls, USB device restriction, encryption, auditing, compliance, automation, and more.

Syllabus

Introduction

Course Introduction

About the Author

00:01:10

Lesson Description:

In this video, you'll meet Bob Salmans, the security training architect for this course.

About the Course

00:03:46

Lesson Description:

In this video, we'll discuss what this course is all about. We'll review each of the main topics covered in the course and discuss the practice exam we've created to help you pass the Red Hat EX415 certification exam.

Course Features

00:04:29

Lesson Description:

In this video, we'll review the helpful features included in this and every other Linux Academy course: flash cards, community, the course scheduler tool, and much more. This video will help you get the most out of the course.

Security Auditing and Automation

System Auditing

Introduction to System Auditing

00:11:36

Lesson Description:

In this video, we will be introduced to auditd, the system auditing service. We will discuss use cases for auditing and where auditd logs to and how it decides what to log. We will begin to learn the process of creating audit rules using auditctl.

Defining Audit Rules and Creating Audit Reports

00:17:22

Lesson Description:

In this video, we will look at configuring persistent audit rules and using pre-configured rules to meet security compliance. Then we'll see how to use the aureport utility to create audit reports.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

OpenSCAP

All About OpenSCAP

00:12:37

Lesson Description:

In this video, we will see what OpenSCAP is and what it can do for us. OpenSCAP is a very useful tool when it comes to auditing our systems for compliance and can be very helpful in automating compliance remediation. We'll look at:
How to install OpenSCAP and scap-workbenchHow to scan local and remote hosts with OpenSCAPCreating custom policiesCreating remediation scripts for Ansible
OpenSCAP is a great tool to help us monitor our environments for compliance and to help us in the automation of remediation.

OSCAP with Red Hat Satellite and Insights

00:07:58

Lesson Description:

In this video, we'll take a look at how to create and edit policies within the OSCAP section of Red Hat Satellite. We'll then dive into Red Hat Insights and look at how we can review information about our hosts and download Ansible remediation scripts from within Insights.

Connecting to a Linux Lab Server with VNC

00:00:51

Lesson Description:

In this video, I'll demonstrate how to connect to a Linux lab server using VNC.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Ansible

In this video, we'll be reviewing what Ansible is used for and the different parts of Ansible. For example, we'll be looking at the inventory file, modules, playbooks, and configuration files.

Installing Ansible and Managing SSH Keys

00:14:44

Lesson Description:

In this video, we'll be installing and configuring Ansible. We'll cover setting up an Ansible user account, creating SSH keys, sharing those keys, and working with sudo. Then, we'll find out how to run ad-hoc Ansible commands, and create and run playbooks. Lastly, we'll discuss using Ansible to automate remediation of security issues.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

AIDE Scenarios

In this video, we'll take a look at some common scenarios you might encounter, a common error you may see, and two instances you might create rules when working with AIDE.

System Hardening

Securing SSH

Managing SSH Access

00:06:22

Lesson Description:

In this video, we'll cover how to manage SSH access to a host. This includes using key terms such as AllowUsers and AllowGroups. We'll edit the /etc/ssh/sshd_config file to manage which users can SSH into a host, as well as where they can SSH from.

Working with SSH Keys and Settings

00:06:49

Lesson Description:

In this video, we'll start working with SSH keys and then move into some additional settings that can be used to increase the security of SSH. We'll generate SSH keys and share them with another node and then test using SSH with the newly shared keys.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

USB Device Restrictions

Installing and Configuring USBGuard

00:09:47

Lesson Description:

In this video, we'll cover what USBGuard is and how we can use it to control which USB devices our hosts can communicate with. As we know, rogue USB devices are a threat to our environments through such means as "USB Dropper Attacks". USBGuard provides us a way to control USB device access and eliminate the threat of rogue USB devices.

USBGuard Policies and Settings

00:09:33

Lesson Description:

In this video, we continue working with USBGuard and begin writing rules. We'll look at how we create rules and import them into the USBGuard config file. We'll also review the different options available to us when creating rules for USBGuard.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Pluggable Authentication Module (PAM) Policies

In this video, we'll learn about PAM (Pluggable Authentication Module) and what we can use PAM to accomplish. We'll review the PAM config files, locate the PAM documents, and how to install PAM.

Creating Account Lockout Policies

00:11:01

Lesson Description:

In this video, we'll take a look at how to use PAM to create account lockout policies. We'll define a policy, put it into effect, and then test the policy for functionality. We'll see how to identify failed logins for users and how to reset those failed logins.

Creating Password Policies

00:09:19

Lesson Description:

In this video, we'll take a look at how to use PAM to create password policies, more specifically, password complexity policies. We'll review the available options to define acceptable passwords and then create a password history policy to prevent password reuse.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Managing sudo

Controlling sudo Access

00:04:39

Lesson Description:

In this video, we'll take a look at how to control sudo access on a host. We'll discuss the default settings in the sudoers file and how to add users and groups to the file. We'll also discuss how to use sudo in a granular manner and how to disable the requirement for a password when using sudo.

Locking Down sudo

00:04:29

Lesson Description:

In this video, we'll discuss how to make sudo more secure. sudo itself isn't inherently dangerous, but it can be used in a more secure manner. We'll look at three ways to increase the security of sudo, including changing default settings, password cache timeouts, and using granular sudo permissions.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Disk Encryption

Linux Unified Key Setup (LUKS)

Linux Storage Review

00:04:46

Lesson Description:

In this video, we will review storage on Linux hosts. We'll review the storage layout, volume groups, and logical volumes. We'll also take a look at some commands that are helpful when dealing with storage.

Introduction to LUKS

00:05:19

Lesson Description:

In this video, we'll be covering the topic of storage encryption using Linux Unified Key Setup (LUKS). We'll discuss the idea of encrypted data at rest versus decrypted data that the operating system can use. Lastly, we'll take a look at how to install the required LUKS package.

The LUKS Encryption Process

00:13:19

Lesson Description:

In this video, we'll walk through the process used to encrypt a volume using LUKS. Then, we'll format the volume and mount it so the operating system can use the volume.

Mounting LUKS Volumes at Boot

00:04:25

Lesson Description:

In this video, we'll learn how to set up a LUKS encrypted volume to open and mount at boot time. This includes editing the /etc/crypttab and /etc/fstab files to make this happen. We also discuss a drawback to configuring a LUKS volume to open and mount at boot.

LUKS Volume Management

00:13:15

Lesson Description:

In this video, we'll review tasks used when managing LUKS volumes. This includes opening and closing LUKS volumes, changing a LUKS passphrase, and performing backups of the LUKS headers.

LUKS Scenarios and Review

00:05:37

Lesson Description:

In this video, we will go through a couple scenarios you are likely to encounter when working with LUKS. We'll walk through each scenario and discuss the processes involved in completing the objectives in each scenario.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Network-Bound Disk Encryption (NBDE)

Introduction to NBDE

00:03:43

Lesson Description:

In this video, we'll review what Network-Bound Disk Encryption (NBDE) is and how it works. We'll review the benefit it provides us while automating the opening process of LUKS encrypted storage. We'll also discuss the layout of the NBDE architecture and what packages need to be installed.

Configuring NBDE Servers

00:04:13

Lesson Description:

In this video, we walk through the process of setting up the server side of the NBDE solution. This includes installing the Tang package and validating the Tang service creates keys and starts properly.

Configuring NBDE Clients

00:05:08

Lesson Description:

In this video, we'll walk through the process of setting up the client side of the NBDE solution. This includes installing multiple Clevis packages, binding a Tang key to our LUKS encrypted storage, and configuring the decryption process to happen at boot.

NBDE Key Management

00:02:49

Lesson Description:

In this video, we'll discuss NBDE key management. As a best practice, it's best to periodically update your NBDE keys. This includes creating new keys and re-binding LUKS encrypted storage to the new keys.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

SELinux

Security-Enhanced Linux

In this video, we'll learn what SELinux is and what it is not. We'll also discuss what role it plays in security. Lastly, we'll learn how to set the SELinux state of protection.

Policies and Labels

00:10:55

Lesson Description:

In this video, we'll learn all about policies and labels. We'll cover the three policy states of SELinux. Then, we'll discuss what labels are and how SELinux uses them.

Type Enforcement and Managing Labels

00:06:55

Lesson Description:

In this video, we'll discuss type enforcement and what that means. We'll review how SELinux uses types and labels to control communications between objects. Lastly, we'll cover how to manage types and change them when needed.

Booleans

00:09:27

Lesson Description:

In this video, we'll discuss booleans, what they are, and how they are used. We'll also discuss some scenarios to help you better understand how we use booleans.

Troubleshooting SELinux

00:06:40

Lesson Description:

In this video, we'll discuss how to troubleshoot SELinux. Many times, SELinux is disabled simply because admins are not sure how to deal with errors. We will ensure that you are not one of those admins. We'll look at installing two packages that help us to troubleshoot SELinux and see just how easy it is to fix problems within SELinux.

Confined Users, Booleans, and sudo

00:17:08

Lesson Description:

In this video, we'll discuss what confined users are within SELinux and what role they play in security. Then, we'll revisit our old friend: boolean. We'll use booleans to impose rules onto Linux users. Lastly we'll take a look at how SELinux restricts sudo access for users and what we can do to remedy this.

Confined Users Review

00:04:10

Lesson Description:

In this video, we'll review what confined users are and how we work with them. This includes searching through booleans for specific rules and setting them.

SELinux Scenario

00:06:06

Lesson Description:

In this video, we walk through a scenario which you may run across in day-to-day Linux management. We see first-hand how SELinux can cause issues and we walk through how to troubleshoot those issues to resolve them.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

Conclusion

Next Steps

How to Prepare for the Exam

00:05:09

Lesson Description:

In this video, we'll talk about how to prepare for the Red Hat EX415 exam, as well as go over how to register for and schedule the exam. Lastly, we'll talk about how to share your success with the Linux Academy community!

Get Recognized

00:01:01

Lesson Description:

Here at Linux Academy, we want to celebrate your success with you. Let us know when you pass a certification, complete a course, or have any other big wins so we can recognize your achievements!

What's Next After Certification

00:02:24

Lesson Description:

Now that you've completed the course and hopefully taken and passed your certification, what would you like to do next? In this video, we make some suggestions that may help you decide.